What components are stored in an RSA private key file, and why are there so many beyond just d?
A full RSA private key holds n, e, d, the two primes p, q, and the precomputed Chinese-Remainder-Theorem (CRT) values dp, dq, qinv — the extras make decryption ~4× faster.
Components from openssl rsa -text -in private.pem:
| Field | Symbol | Purpose |
|---|---|---|
| modulus | n = p·q |
Used in both encrypt and decrypt |
| publicExponent | e |
Usually 65537 (= 2¹⁶+1); small + odd for fast encryption |
| privateExponent | d |
d ≡ e⁻¹ mod φ(n) — the secret |
| prime1, prime2 | p, q |
The factors; with these, an attacker has everything |
| exponent1 | dp = d mod (p−1) |
For CRT-based decryption |
| exponent2 | dq = d mod (q−1) |
Same |
| coefficient | qinv = q⁻¹ mod p |
Same |
Why CRT-based decryption is faster: Direct computation of m = c^d mod n involves modular exponentiation with very large numbers. Using CRT, you split into two smaller computations modulo p and modulo q (each half the bit size), then recombine — roughly 4× faster because each modular operation is much cheaper.
Why the components are dangerous to leak:
dby itself = full decryption capability.porqby itself = compute the other (p = n/q), then everything else falls.- Side-channel attacks specifically target CRT decryption: a single fault during the CRT computation can leak
pandqinstantly (Bellcore attack, 1996).
Tip: A .pem file marked BEGIN RSA PRIVATE KEY contains all of the above in DER-encoded form. Never paste it into a chat, never check it into git, never let it be world-readable on disk. Treat it like the master key to your house.